US20100070776A1 - Logging system events - Google Patents

Publication number
US20100070776A1
Authority
US
United States
Prior art keywords
log
intrusion detection
processing system
data processing
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/263,506
Inventor
Shankar Raman
Kishore Kumar MUPPIRALA
Sridhar Bandi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Enterprise Development LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP
Assigned to HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (assignment of assignors interest; see document for details). Assignors: BANDI, SRIDHAR; MUPPIRALA, KISHORE KUMAR; RAMAN, SHANKAR
Publication of US20100070776A1
Assigned to HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP (assignment of assignors interest; see document for details). Assignors: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Legal status: Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Abstract

Provided is a computer-implemented method for logging system events, comprising:
    • allocating a memory area for a log;
    • receiving data indicative of a log event;
    • storing said data in said memory area;
    • synchronising data in said memory area to a log file stored in non-volatile storage, the non-volatile storage and the memory area being inaccessible to a user or an administrator.

Description

    RELATED APPLICATIONS
  • Benefit is claimed under 35 U.S.C. 119(a)-(d) to Foreign application Ser No. 2268/CHE/2008 entitled “LOGGING SYSTEM EVENTS” by Hewlett-Packard Development Company, L.P., filed on 17 Sep. 2008, which is herein incorporated in its entirety by reference for all purposes.
    BACKGROUND
  • There is an increasing trend for the outsourcing of information technology systems. As a result of this, the administration of information technology systems may additionally be outsourced. The administrator of an information technology system often has the ability to access and modify elements of an information technology system. In such systems, the maintenance of logs and audit trails of actions of an administrator allows malicious activity by such an administrator to be detected. For example, host-based intrusion detection systems include a mechanism to report activity on a node to a centralized server through a network.
  • US Patent Application No. 2002/0046350 discloses a system and method for establishing a log file which may be used to create an audit trail.
  • A centralized server maintains a log file of actions performed by a requester and the security server which are related to protected objects.
  • Such systems however require that the network be connected. A malicious administrator could disable the network, and perform a malicious act, and remove any trace from system logs before connecting back to the network.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • In the following, embodiments of the invention will be described, by way of example only, and with reference to the drawings in which:
  • FIG. 1 shows a block diagram of a data processing system,
  • FIG. 2 shows a flow diagram illustrating steps involved in a method of logging a system event,
  • FIG. 3 shows a flow diagram illustrating steps involved in a method of restoring a log of system events from a log file,
  • FIG. 4 is a flow diagram showing steps involved in a method of sending a log event to a server.
    DETAILED DESCRIPTION
  • FIG. 1 shows data processing system 100. Data processing system 100 comprises processor 110, memory 120 and non-volatile storage 130. Data processing system 100 is connected to server 150 by network 140. Data processing system 100 may be a node of an IT system, and server 150 may be a centralized system which securely stores a log of activities received through network 140. The data processing system 100 may further comprise an intrusion detection thread 112 operable to allocate an area of the memory 120 for a log 122. The intrusion detection thread 112 may be operable to receive data indicative of a log event and to synchronize the log 122 with the log file 134.
  • Processor 110 executes intrusion detection thread 112 and intrusion detection agent 114. Intrusion detection agent 114 monitors the activities of an administrator or user on data processing system 100. Intrusion detection agent 114 sends data indicative of system events which are detected by intrusion detection agent 114 to intrusion detection thread 112. Intrusion detection thread 112 stores data indicative of system events in log 122 which is stored in memory 120. When activated, intrusion detection thread 112 allocates a portion of memory 120 for log 122. Intrusion detection agent 114 may mark log 122 as read only. This prevents other processes and applications from changing the data stored in log 122.
  • Intrusion detection agent 114 reads data from log 122 and sends the data indicative of the log event via network 140 to server 150. Intrusion detection thread 112 and intrusion detection agent 114 may be operating system components. Intrusion detection thread 112 may be a kernel thread; this thread may be implemented as an extension to an existing intrusion detection logging thread, or as an explicitly created kernel thread when the operating system is taken into a single user mode.
  • A kernel thread as understood herein is a fraction of a program running in the kernel process. A kernel thread exists within the context of a process and provides an operating system the means to address and execute smaller segments of the process. It also enables programs to take advantage of capabilities provided by the hardware for concurrent and parallel processing.
  • A single user mode allows the system to be booted for a single super user, forbidding other users to log into the system during a period of time. In general, this is a temporary mode where the system is taken into this mode for maintenance purposes.
  • Intrusion detection thread 112 synchronizes log 122 with a log file 134 stored in non-volatile storage 130. Non-volatile storage 130 may be for example a hard disc drive. Log file 134 is stored in a firmware partition 132 of non-volatile storage 130. Firmware partition 132 may be inaccessible to a user or administrator of data processing system 100. Firmware partition 132 may be implemented for example as an extensible firmware interface partition or other early boot firmware partition of non-volatile storage 130. Log file 134 may be stored in an encrypted format. This would provide further security against a malicious user or administrator modifying log file 134.
  • Intrusion detection thread 112 may synchronize log 122 to log file 134 periodically, after the reception of a certain number of events, or according to other criteria. When data processing system 100 is shut down, intrusion detection thread 112 synchronizes log 122 to log file 134 as part of the shutdown process. This ensures that all user activity is recorded in log file 134, and that a malicious user or administrator cannot prevent his or her activities from being detected and recorded by restarting or shutting down the system. Upon boot up of data processing system 100, intrusion detection thread 112 may read log file 134 and record or write all events into log 122 stored in memory 120. The events are the contents of the log file 134.
  • As intrusion detection agent 114 logs events to server 150 via network 140, they may be deleted from log 122 stored in memory 120 and log file 134 stored in non-volatile storage 130.
  • The kernel thread, running in the kernel process, may not be terminated by an administrator and detects all changes in the data processing system 100. The kernel thread logs the changes to a portion of the memory 120, securing audit records of changes from a malicious super user or administrator. The data processing system 100 may keep the log events communicated to a central server and logs the system activity events to a special region in the memory 120. It also synchronizes the logs in memory 120 to a log file 134 on the disk. The log file 134 is created in a disk area accessible by the firmware that can be read by the kernel thread. This prevents an administrator from corrupting the log file.
  • The data processing system 100 increases the accountability of the root administrator's activity in the single user mode. It also provides integrity of the audit records even when the system is not available in network mode, for example during system failures or reboots. When the data processing system 100 returns to an operational mode that enables the network connection between the data processing system 100 and the central console, the contents of the log file and the log information in memory 120 are communicated back to the centralized console. All the activities of the data processing system 100 in a data center are logged and tracked, protecting it from security breaches.
  • FIG. 2 shows a method 200 for logging system events. Method 200 may be carried out by an intrusion detection thread such as that shown as intrusion detection thread 112 in FIG. 1. In step 202, a memory area is allocated for the log. The area of memory allocated for the log in step 202 may be marked as read only. In step 204, data indicative of a log event is received. The data received may be from an intrusion detection agent such as intrusion detection agent 114 in FIG. 1. In step 206, the data received indicative of a log event is stored in the log. Following storage of the data in the log, the memory location where the data is stored may be marked read only to prevent other applications or processes from filing or deleting the log data. In step 208, the data stored in the memory is synchronized to a log file stored in non-volatile storage. The log file in non-volatile storage may be inaccessible to a user or administrator of the system to prevent the user or administrator from changing the data. The method 200 is computer-implemented, such as by a client or a server computer.
  • As the kernel thread runs in the kernel process and the log 122 is stored in a read mode, the log file 134 is inaccessible to a user or administrator. In that way, a malicious administrator cannot alter or corrupt the log files and remove traces of malicious activity. Furthermore, as the log file 134 is stored in non-volatile storage 130, rebooting or restarting the system does not remove the data stored in the log file 134.
  • The method may further comprise the step of sending the data to a server via a network. This step may be carried out by an intrusion detection agent. The intrusion detection agent may also monitor the system and send the data indicative of a log event to the intrusion detection thread in step 204.
  • Method 200 may be triggered by detecting that a data processing system has been taken into a single user mode. Alternatively, method 200 may be triggered at boot up of a data processing system. Thus, the method may be executed when the data processing system 100 is taken into a single user mode, for example by disconnecting it from a network.
  • When the data is stored in the log file in step 208, the data may be encrypted. This provides a further protection of the data stored in the log file 134 from a malicious user or administrator.
  • FIG. 3 shows a method 300 showing the steps undertaken upon boot up of a data processing system. In step 302, a memory area is allocated for the log. In step 304, the contents of the log files stored in non-volatile storage are read. In step 306, the contents read from the log file are stored in the log in the memory area. Thus, the log 122 may be restored from the non-volatile storage 130 to the memory 120 area.
  • The method may further comprise the step of marking the memory area as read only. In this way, other processes and applications are prevented from overwriting the memory 120. The non-volatile storage 130 may be a partition accessible by early boot firmware.
  • FIG. 4 shows a method 400 which may be undertaken by an intrusion detection agent such as intrusion detection agent 114 shown in FIG. 1. In step 402, the intrusion detection agent checks network availability. In step 404, the intrusion detection agent receives a log event from the intrusion detection thread. This may be in response to a request. The intrusion detection thread may supply the log events to the intrusion detection agent in a first in-first out order. Such an order would be the same order in which the events were received by the intrusion detection thread, which would be the order in which the events occurred. In step 406, the events are sent to the server.
  • The methods described above may be implemented as a hardware embodiment, a software embodiment, or a combination of the two. The methods may be implemented as a computer program product comprising computer readable instructions which when executed on a computer would cause the computer to execute the methods described above.
    LIST OF REFERENCE NUMERALS
  • 100 data processing system
  • 110 processor
  • 112 intrusion detection thread
  • 114 intrusion detection agent
  • 120 memory
  • 122 log
  • 130 non-volatile storage
  • 132 firmware partition
  • 134 log file
  • 140 network
  • 150 server
  • 200 method
  • 202 allocate memory area for log
  • 204 receive data indicative of log event
  • 206 store data in log
  • 208 store data in log file
  • 300 method
  • 302 allocate memory area for log
  • 304 read contents of log file
  • 306 store contents of log file in log
  • 400 method
  • 402 check network available
  • 404 receive log event from intrusion detection thread
  • 406 send to server
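
Methods 200, 300 and 400 together form a store-and-forward audit log. The following added example (not code from the patent or its applicant) models that data flow in user space on a POSIX system: `mprotect()` stands in for marking log 122 read only and an ordinary file for log file 134. All identifiers, the file path and the sample events are hypothetical, and encryption of the file is left out.

```c
/* Added example, not from the patent. audit_log, al_* and demo_* are hypothetical
 * names; a file models log file 134, mprotect() the read-only marking of log 122. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define EV_LEN 64                        /* fixed-size event record */

struct audit_log {
    char  *area;                         /* log 122, read only between writes */
    size_t bytes, cap, count;            /* mapping size, capacity, events held */
    const char *path;                    /* stand-in for log file 134 */
};

/* Steps 202/302: allocate the memory area and mark it read only. */
int al_init(struct audit_log *l, size_t cap, const char *path)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    l->bytes = (cap * EV_LEN + page - 1) / page * page;
    l->area = mmap(NULL, l->bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (l->area == MAP_FAILED) return -1;
    l->cap = cap; l->count = 0; l->path = path;
    return mprotect(l->area, l->bytes, PROT_READ);
}

/* Steps 204/206: store one event, then return the area to read only. */
int al_store(struct audit_log *l, const char *ev)
{
    if (l->count == l->cap) return -1;   /* full: sync and drain first */
    if (mprotect(l->area, l->bytes, PROT_READ | PROT_WRITE)) return -1;
    char *slot = l->area + l->count++ * EV_LEN;
    memset(slot, 0, EV_LEN);
    snprintf(slot, EV_LEN, "%s", ev);    /* truncates over-long events */
    return mprotect(l->area, l->bytes, PROT_READ);
}

/* Step 208: sync memory to the file via temp file, fsync and rename. */
int al_sync(const struct audit_log *l)
{
    char tmp[512];
    size_t n = l->count * EV_LEN;
    snprintf(tmp, sizeof tmp, "%s.tmp", l->path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, l->area, n) == (ssize_t)n && fsync(fd) == 0;
    close(fd);
    return (ok && rename(tmp, l->path) == 0) ? 0 : -1;
}

/* Steps 304/306 (boot): read the log file back into the memory area. */
int al_restore(struct audit_log *l)
{
    int fd = open(l->path, O_RDONLY);
    if (fd < 0) return 0;                /* no file yet: nothing pending */
    if (mprotect(l->area, l->bytes, PROT_READ | PROT_WRITE)) { close(fd); return -1; }
    ssize_t n = read(fd, l->area, l->cap * EV_LEN);
    close(fd);
    l->count = n > 0 ? (size_t)n / EV_LEN : 0;
    return mprotect(l->area, l->bytes, PROT_READ) ? -1 : (int)l->count;
}

/* Steps 402-406: send oldest first; only accepted events are deleted. */
int al_drain(struct audit_log *l, int net_up, int (*tx)(const char *))
{
    size_t sent = 0;
    while (net_up && sent < l->count && tx(l->area + sent * EV_LEN) == 0) sent++;
    if (sent == 0) return 0;             /* network down or server refused */
    if (mprotect(l->area, l->bytes, PROT_READ | PROT_WRITE)) return -1;
    memmove(l->area, l->area + sent * EV_LEN, (l->count - sent) * EV_LEN);
    l->count -= sent;
    if (mprotect(l->area, l->bytes, PROT_READ) || al_sync(l)) return -1;
    return (int)sent;
}

/* Constructed stand-in for server 150: records what it receives, in order. */
char demo_rx[8][EV_LEN]; int demo_nrx;
int demo_send(const char *ev)
{
    if (demo_nrx == 8) return -1;        /* server refuses further events */
    snprintf(demo_rx[demo_nrx++], EV_LEN, "%s", ev);
    return 0;
}

int main(void)
{
    const char *path = "/tmp/audit134.demo";   /* constructed path and events */
    struct audit_log a, b;
    if (al_init(&a, 16, path) || al_init(&b, 16, path)) return 1;
    if (al_store(&a, "single-user mode entered") ||
        al_store(&a, "root: network interface down") || al_sync(&a)) return 1;
    int restored = al_restore(&b);             /* as at the next boot */
    int sent = al_drain(&b, 1, demo_send);     /* network is back */
    printf("restored=%d sent=%d first=%s\n", restored, sent, demo_rx[0]);
    return unlink(path);
}
```

In user space the owning process can call `mprotect()` again, so this model shows only the ordering and persistence behaviour; the description relies on a kernel thread and a firmware partition to keep the log out of an administrator's reach.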

Claims (15)

1. A computer implemented method in an intrusion detection thread for logging system events, comprising:
allocating a memory area for a log;
receiving data indicative of a log event;
storing said data in said memory area;
synchronising data in said memory area to a log file stored in non-volatile storage, the non-volatile storage and the memory area being inaccessible to a user or an administrator.
2. The method of claim 1, further comprising sending said data to a server via a network and detecting that a data processing system has been taken into a single user mode, wherein said intrusion detection thread is a kernel thread running in a kernel process.
3. The method of claim 1 or 2, further comprising encrypting the data stored in said log file and reading data from said log file upon boot up.
4. The method of any one of the preceding claims 1 to 3, further comprising marking said memory area read only, said non-volatile storage being a partition accessible by early boot firmware.
5. A data processing system comprising:
a memory;
a non-volatile storage, having a firmware partition, said firmware partition comprising storage for a log file;
an intrusion detection thread operable to allocate an area of said memory for a log, to receive data indicative of a log event and to synchronize said log to said log file.
6. The data processing system of claim 5, further comprising an intrusion detection agent operable to send said data indicative of said log event to said intrusion detection thread, wherein said intrusion detection thread is a kernel thread running in a kernel process.
7. The data processing system of claim 6, the intrusion detection agent further operable to read said log and to send said data indicative of said log event to a server via a network.
8. The data processing system of any one of the preceding claims 5 to 7 said log file being encrypted, said intrusion detection thread being further operable to mark said area of said memory read only.
9. The data processing system of any one of the preceding claims 5 to 8 said intrusion thread triggered by said data processing system being taken into a single user mode.
10. The data processing system of any one of the preceding claims 5 to 9, said intrusion detection thread being further operable to read said log file upon boot up of said data processing system and to write the contents of said log file to said log.
11. The data processing system of any one of the preceding claims 5 to 10, said intrusion detection thread being further operable to synchronize said log to said log file in the event that said data processing system is shut down.
12. A computer program product comprising computer executable instructions which when executed on an intrusion detection thread cause a computer to execute a method for logging system events, the method comprising:
allocating an area of a memory of said computer for logging system events;
receiving data indicative of a log event;
storing said data indicative of said log event in said area of said memory;
storing said data indicative of said log event on a partition of a non-volatile storage medium;
13. The computer program product of claim 12, the method further comprising marking said area of said memory read only, wherein said intrusion detection thread is a kernel thread running in a kernel process.
14. The computer program product of claims 12 or 13, the method further comprising reading data indicative of a previous log event from said non-volatile storage medium.
15. The computer program product of any one of claims 12 to 14, said partition of said non-volatile storage medium being an early boot firmware area, said early boot firmware area being inaccessible to a user of said computer, the method further comprising encrypting said data indicative of said log event.
US12/263,506 2008-09-17 2008-11-03 Logging system events Abandoned US20100070776A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2268CH2008 2008-09-17
IN2268/CHE/2008 2008-09-17

Publications (1)

Publication Number Publication Date
US20100070776A1 (en) 2010-03-18

Family

ID=42008289

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/263,506 Abandoned US20100070776A1 (en) 2008-09-17 2008-11-03 Logging system events

Country Status (1)

Country Link
US (1) US20100070776A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140013141A1 (en) * 2012-07-03 2014-01-09 Samsung Electronics Co. Ltd. Method and apparatus for controlling sleep mode in portable terminal
US8938805B1 (en) * 2012-09-24 2015-01-20 Emc Corporation Detection of tampering with software installed on a processing device
US20150089304A1 (en) * 2013-09-20 2015-03-26 Oracle International Corporation User-directed logging and auto-correction
WO2016095151A1 (en) * 2014-12-18 2016-06-23 Hua Zhong University Of Science Technology Storing log records in a non-volatile memory
CN105843754A (en) * 2016-03-23 2016-08-10 山东超越数控电子有限公司 Log information storage method for solid-state hard disk
US9485271B1 (en) * 2014-03-11 2016-11-01 Symantec Corporation Systems and methods for anomaly-based detection of compromised IT administration accounts
EP3168747A1 (en) * 2015-11-13 2017-05-17 Xiaomi Inc. Method and device for monitoring a file in a system partition
US10327583B2 (en) * 2017-03-06 2019-06-25 Keenwawa, Inc. Automatic food preparation apparatus
CN113961151A (en) * 2021-11-02 2022-01-21 锐凌无线通讯科技(深圳)有限公司 Fault log storage method and device, electronic equipment and storage medium
US11361071B2 (en) * 2017-04-20 2022-06-14 Huntress Labs Incorporated Apparatus and method for conducting endpoint-network-monitoring
AT525553A4 (en) * 2021-12-21 2023-05-15 Avl Ditest Gmbh Measuring device and method of operating a measuring device

Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6098171A (en) * 1998-03-31 2000-08-01 International Business Machines Corporation Personal computer ROM scan startup protection
US20020046350A1 (en) * 2000-09-14 2002-04-18 Lordemann David A. Method and system for establishing an audit trail to protect objects distributed over a network
US20020099666A1 (en) * 2000-11-22 2002-07-25 Dryer Joseph E. System for maintaining the security of client files
US20030084340A1 (en) * 2001-10-31 2003-05-01 Schertz Richard L. System and method of graphically displaying data for an intrusion protection system
US6622116B2 (en) * 1995-04-17 2003-09-16 Research Investment Network, Inc. Time and activity tracker
US20030196100A1 (en) * 2002-04-15 2003-10-16 Grawrock David W. Protection against memory attacks following reset
US20040098623A1 (en) * 2002-10-31 2004-05-20 Secnap Network Security, Llc Intrusion detection system
US20050005101A1 (en) * 2003-07-03 2005-01-06 Yenduri Bhargava K. Kernel cryptographic module signature verification system and method
US6986052B1 (en) * 2000-06-30 2006-01-10 Intel Corporation Method and apparatus for secure execution using a secure memory partition
US7089428B2 (en) * 2000-04-28 2006-08-08 Internet Security Systems, Inc. Method and system for managing computer security information
US7127579B2 (en) * 2002-03-26 2006-10-24 Intel Corporation Hardened extended firmware interface framework
US7302698B1 (en) * 1999-09-17 2007-11-27 Hewlett-Packard Development Company, L.P. Operation of trusted state in computing platform
US20080229406A1 (en) * 2005-10-19 2008-09-18 Samsung Electronics Co., Ltd. Method and apparatus for exclusively controlling a device in a home network
US7506380B2 (en) * 2005-01-14 2009-03-17 Microsoft Corporation Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
US20090132579A1 (en) * 2007-11-21 2009-05-21 Kwang Edward M Session audit manager and method
US7551073B2 (en) * 2007-01-10 2009-06-23 International Business Machines Corporation Method, system and program product for alerting an information technology support organization of a security event
US20090199212A1 (en) * 2008-02-04 2009-08-06 Red Hat, Inc. Configuration interface manager
US7617534B1 (en) * 2005-08-26 2009-11-10 Symantec Corporation Detection of SYSENTER/SYSCALL hijacking
US7634507B2 (en) * 2006-08-30 2009-12-15 Inmage Systems, Inc. Ensuring data persistence and consistency in enterprise storage backup systems
US7652982B1 (en) * 2005-11-16 2010-01-26 Juniper Networks, Inc. Providing high availability network services
US7657939B2 (en) * 2005-03-14 2010-02-02 International Business Machines Corporation Computer security intrusion detection system for remote, on-demand users
US7690033B2 (en) * 2004-09-28 2010-03-30 Exobox Technologies Corp. Electronic computer system secured from unauthorized access to and manipulation of data
US7752166B2 (en) * 2001-11-15 2010-07-06 Visto Corporation System and methods for asynchronous synchronization

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9851779B2 (en) * 2012-07-03 2017-12-26 Samsung Electronics Co., Ltd. Method and apparatus for controlling sleep mode using a low power processor in portable terminal
US20140013141A1 (en) * 2012-07-03 2014-01-09 Samsung Electronics Co. Ltd. Method and apparatus for controlling sleep mode in portable terminal
US8938805B1 (en) * 2012-09-24 2015-01-20 Emc Corporation Detection of tampering with software installed on a processing device
US9811433B2 (en) 2013-09-20 2017-11-07 Oracle International Corporation User-directed diagnostics and auto-correction
US20150089304A1 (en) * 2013-09-20 2015-03-26 Oracle International Corporation User-directed logging and auto-correction
US9836371B2 (en) * 2013-09-20 2017-12-05 Oracle International Corporation User-directed logging and auto-correction
US9485271B1 (en) * 2014-03-11 2016-11-01 Symantec Corporation Systems and methods for anomaly-based detection of compromised IT administration accounts
WO2016095151A1 (en) * 2014-12-18 2016-06-23 Hua Zhong University Of Science Technology Storing log records in a non-volatile memory
RU2639898C2 (en) * 2015-11-13 2017-12-25 Сяоми Инк. Method and device for monitoring file in system section
EP3168747A1 (en) * 2015-11-13 2017-05-17 Xiaomi Inc. Method and device for monitoring a file in a system partition
CN105843754A (en) * 2016-03-23 2016-08-10 山东超越数控电子有限公司 Log information storage method for solid-state hard disk
US10327583B2 (en) * 2017-03-06 2019-06-25 Keenwawa, Inc. Automatic food preparation apparatus
US11096519B2 (en) 2017-03-06 2021-08-24 Keenwawa, Inc. Automatic food preparation apparatus
US11698963B2 (en) * 2017-04-20 2023-07-11 Huntress Labs Incorporated Apparatus and method for conducting endpoint-network-monitoring
US11361071B2 (en) * 2017-04-20 2022-06-14 Huntress Labs Incorporated Apparatus and method for conducting endpoint-network-monitoring
US20230004640A1 (en) * 2017-04-20 2023-01-05 Huntress Labs Incorporated Apparatus and method for conducting endpoint-network-monitoring
US20230394138A1 (en) * 2017-04-20 2023-12-07 Huntress Labs Incorporated Apparatus and method for conducting endpoint-network-monitoring
CN113961151A (en) * 2021-11-02 2022-01-21 锐凌无线通讯科技(深圳)有限公司 Fault log storage method and device, electronic equipment and storage medium
AT525553B1 (en) * 2021-12-21 2023-05-15 Avl Ditest Gmbh Measuring device and method of operating a measuring device
AT525553A4 (en) * 2021-12-21 2023-05-15 Avl Ditest Gmbh Measuring device and method of operating a measuring device

Similar Documents

Publication Publication Date Title
US20100070776A1 (en) Logging system events
US8955108B2 (en) Security virtual machine for advanced auditing
US11295021B2 (en) Using a threat model to monitor host execution in a virtualized environment
US9843564B2 (en) Securing data using integrated host-based data loss agent with encryption detection
US11120011B2 (en) Database transaction log writing and integrity checking
AU2015279922B2 (en) Automated code lockdown to reduce attack surface for software
US9069955B2 (en) File system level data protection during potential security breach
US20180189490A1 (en) Ransomware detection and damage mitigation
US20060294589A1 (en) Method/system to speed up antivirus scans using a journal file system
US8095979B2 (en) Analysis of event information to perform contextual audit
CN102884535A (en) Protected device management
US7516317B2 (en) Measuring an operating system's boot duration
US7895124B2 (en) Method for protecting sensitive data during execution
Matthews et al. Data protection and rapid recovery from attack with a virtual private file server and virtual machine appliances
US10783041B2 (en) Backup and recovery of data files using hard links
US20230056426A1 (en) Behavior-Based VM Resource Capture for Forensics
US20110035808A1 (en) Rootkit-resistant storage disks
US8978151B1 (en) Removable drive security monitoring method and system
JP2001142764A (en) Log file protecting system
TWI607338B (en) Storage device, data protection method therefor, and data protection system
Butler et al. Rootkit-resistant disks
US9098676B2 (en) System and methods for detecting rollback
US10896085B2 (en) Mitigating actions
US20120185444A1 (en) Clock Monitoring in a Data-Retention Storage System
US10310948B2 (en) Evaluation of risk of data loss and backup procedures

Legal Events

Date Code Title Description
AS Assignment

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.,TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RAMAN, SHANKAR;MUPPIRALA, KISHORE KUMAR;BANDI, SRIDHAR;REEL/FRAME:021776/0019

Effective date: 20080916

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION

AS Assignment

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.;REEL/FRAME:037079/0001

Effective date: 20151027